Google Wallet Toots Two Security Flaws
Google Wallet is a mobile payment system that lets Android-based smartphones pay for purchases in stores through near-field communication (NFC).
This week, two different security researchers discovered two serious security flaws in the payment system. The first weakness is in the Google Wallet PIN protection system: a brute-force attack can crack the PIN and give access to the owner’s digital wallet in a matter of seconds. A successful attack gives the attacker access to key information on a rooted smartphone, including credit card numbers and transaction history.
The second flaw allows access to the Google Prepaid Card system on a stolen, lost, or secondhand phone. Unlike the PIN flaw described above, the second flaw affects all users, regardless of whether the smartphone has been rooted.
Google stated they are in the process of patching the security flaws identified in its Wallet mobile payment service and are urging consumers to set up a screen lock to secure their Android smartphone against hackers.
We also urge Android-based smartphone users to enable full disk encryption on their device, to install an app such as Lookout Mobile that protects against viruses and has a GPS locator, and lastly to keep the device updated with the latest software.
If you have lost or plan to sell or even give a phone away, call the Google Wallet support line toll-free at 855-492-5538 for assistance in disabling the prepaid card system.
Black Hat USA Welcomes Neal Stephenson to Keynote Stage
World’s Leading Information Security Event Celebrates 15 Year Anniversary
Black Hat, produced by UBM TechWeb, has announced that renowned speculative fiction writer Neal Stephenson will be interviewed in a keynote Q&A at this year’s 15 year anniversary event. Black Hat USA 2012 is expected to host more than 6500 high-level security professionals for the most timely, actionable security presentations of the year. Black Hat is the world’s biggest and most important family of information security events, and its flagship USA edition is taking place July 21 - July 26 at Caesar’s Palace in Las Vegas. For more information and to sign up for early-bird registration by February 1, visit https://www.blackhat.com/usa.
Black Hat USA proudly presents Neal Stephenson to the main stage Thursday, July 26, 2012. Stephenson will delve into a host of writing and technology-related topics, including his brand new novel “REAMDE.” The novel explores the exploitation of a massively multiplayer online role-playing game through the release of the REAMDE virus – a virus that encrypts all of a player’s electronic files and holds them for ransom. Stephenson will host a special book signing on site after his keynote.
“Boom goes the Dynamite!” says Black Hat Content director Travis Carelock. “Neal Stephenson is one of those rare authors that never fails to ignite the imaginations of geeks and technophiles everywhere. Most of us grew up daydreaming about his books such as ‘Snow Crash’ and ‘Cryptonomicon.’ It really is fantastic news for our 15th anniversary!”
Stephenson’s previous work includes novels such as “Cryptonomicon,” “The Diamond Age,” “Zodiac,” the three-volume “The Baroque Cycle” (“Quicksilver,” “The Confusion,” and “The System of the World”) and “Snow Crash,” which was named one of TIME Magazine’s 100 all-time best English-language novels. He is known for exploring and redefining genres ranging from cyberpunk to the historical epic.
Black Hat USA 2012 celebrates 15 years as the most significant information security event brand in the world. This year Black Hat welcomes over 6500 digital security experts, public, private sector security professionals and underground hackers in Las Vegas to uncover groundbreaking new vulnerabilities and new security tools debuting for the first time. Sponsors of Black Hat USA include Platinum Sponsors: Accuvant LABS, Cisco, IBM, LogRhythm, Microsoft, Qualys, Symantec, Terremark, a Verizon Company, Trustwave.
About Black Hat
Black Hat provides briefings and training to leading corporations and government agencies around the world. Black Hat differentiates itself by working at many levels within the corporate, government, and underground communities. This unmatched informational reach enables Black Hat attendees to be continuously aware of the newest vulnerabilities, defense mechanisms, and industry trends. Black Hat Briefings and Trainings are held annually in Abu Dhabi, Amsterdam, and Las Vegas. Black Hat is produced by UBM TechWeb. More information is available at http://www.blackhat.com.
About UBM TechWeb
UBM TechWeb, the global leader in technology media and professional information, enables people and organizations to harness the transformative power of technology. Through its three core businesses – media solutions, marketing services and paid content – UBM TechWeb produces the most respected and consumed brands and media applications in the technology market. More than 14.5 million business and technology professionals (CIOs and IT managers, Web & Digital professionals, Software Developers, Government decision makers, and Telecom providers) actively engage in UBM TechWeb’s communities and information resources monthly. UBM TechWeb brands include: global face-to-face events such as Interop, Web 2.0, Black Hat and Enterprise Connect; award-winning online resources such as InformationWeek, Dark Reading, and Network Computing; and market-leading magazines InformationWeek, Wall Street & Technology, and Advanced Trading. UBM TechWeb is a UBM plc. company, a global provider of news distribution and specialist information services with a market capitalization of more than $2.5 billion.
SOURCE UBM TechWeb
For further information: Natalia Wodecki of UBM TechWeb, Black Hat Communications Director, nwodecki@techweb.com
Official Press Release can be viewed here.
Report: Hacked Syrian officials used ‘12345’ as email password
An article written by Rosa Golijan of MSNBC.com shows how important passwords are:
After hundreds of emails from the office of Syrian President Bashar al-Assad were leaked on Monday, a report revealed that several of Assad’s aides and advisers used the password “12345.”
According to Barak Ravid of the Israeli media outlet Haaretz, hackers affiliated with the Anonymous collective attacked the mail server of the Syrian Ministry of Presidential Affairs on Sunday night. During that attack they managed to compromise about 78 email inboxes, including those belonging to the Minister of Presidential Affairs Mansour Fadlallah Azzam and Assad’s media adviser, Bouthaina Shaaban.
Read more at MSNBC.com
Hacker releases Symantec source code

A hacker released the source code for antivirus firm Symantec’s pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.
The release followed failed email negotiations over a $50,000 payout to the hacker calling himself YamaTough to destroy the code.
The email thread was published on Monday, but the hacker and the company said their participation had been a ruse. YamaTough said he was always going to publish the code, while Symantec said law enforcement had been directing its side of the talks.
The negotiations also might have bought Symantec time while it issued fixes to the pcAnywhere program, which allows customers to access their desktop machines from another location.
“Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since January 23 to protect our users against known vulnerabilities,” said company spokesman Cris Paden.
Symantec had taken the extraordinary step of asking customers to stop using the software temporarily until it readied the patches. It issued fixes for “known vulnerabilities” in version 12.5 of the software on January 23 and fixes for versions 12.0 and 12.1 on Friday January 27.
Paden said that Symantec had contacted its customers and that it had not lost any customers. He said that if they were running up-to-date, patched versions they should not face increased risk.
Symantec also expects hackers to release other source code in their possession, 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. “As we have already stated publicly, this is old code, and Symantec and Norton customers will not be at an increased risk as a result of any disclosure,” Paden said.
The emails over the $50,000 payoff were widely circulated, with some mocking the world’s largest standalone security company for its apparent attempt to buy protection.
But the company said the emails were in fact between the hacker and law enforcement officials posing as a Symantec employee.
“The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation,” Paden said, adding that no money was paid.
Paden declined to name the law enforcement agency, saying it could compromise the investigation.
Symantec had previously confirmed the hacker, part of a group called Lords of Dharmaraja and affiliated with Anonymous, was in possession of source code for its products, obtained in a 2006 breach of the company’s networks.
The email exchange released by the hacker, who claims to be based in Mumbai, India, shows drawn-out negotiations with a purported Symantec employee starting on January 18.
The email negotiations echoed conversations in past years, viewed by Reuters, in which police agencies directed talks between victims and hackers.
“We can’t pay you $50,000 at once for the reasons we discussed previously,” said one email from a purported Symantec employee Sam Thomas, who offered to pay the full amount at a later date.
“In exchange, you will make a public statement on behalf of your group that you lied about the hack.”
A common tactic of the FBI and others investigating extortionists and kidnappers is to seek to break down the amount of money sought by the suspects into multiple smaller payments.
This stretches out the negotiation, giving authorities more insight into the suspect and more time in which to make an arrest. It also lessens the risk to any victim inclined to pay the entire amount demanded.
Most important, it creates more transactions, each one of which provides a trail of records and human beings that can be traced as the police seek their quarry.
The hacker said he never intended to take the money.
“We tricked them into offering us a bribe so we could humiliate them,” YamaTough told Reuters.
In recent weeks, the hacker has posted segments of code for Norton Utilities and other programs. A software maker’s intellectual property, specifically its source code, is its most precious asset.
Symantec’s Norton Internet Security is among the most popular software available to stop viruses, spyware, and online identity theft.
Copyright 2012 Thomson Reuters.
Microsoft Windows DLL Load Hijacking (2269637)
Rating: High
Affected OS: Windows XP (Service Pack 3, [++])
Description: A remote code execution vulnerability exists in some versions of Microsoft Windows.
Recommendation: Currently we are unaware of a vendor-supplied patch or update (9/17/2010).
A Microsoft Fix it Solution has been posted:
http://support.microsoft.com/kb/2264107
Users may choose to configure access protection rules to block access to at least ‘*.dll’ and ‘*.ocx’ files in untrusted file locations where documents are shared but program libraries are unlikely to be loaded from.
This can be accomplished per the below steps:
– From the VirusScan console, open the properties dialogue for ‘Access Protection’.
– Highlight ‘User Defined Rules’, and click ‘New’.
– Choose the ‘File/Folder Blocking Rule’ option.
– Name the rule.
– Under ‘processes to include’, add a wildcard ‘*’ character.
– Under ‘File or folder name to block’ add a network share followed by *.dll. It is also recommended to do this for *.ocx file types.
(i.e. – F:\Share\**\*.dll)
Please note: This rule may also block non-malicious applications from running on network drives and should be tested for each environment.
Observation: A remote code execution vulnerability exists in some versions of Microsoft Windows.
The flaw was first described in the ACROS “Security Problem Report” 2010-08-18-1 as “Remote Binary Planting in Apple iTunes for Windows”.
The issue occurs when vulnerable file types are opened from within a directory/share determined by an attacker. Vulnerable applications will launch DLLs in the working directory by default in order to handle the type of file that is being opened. This can lead to the loading of malicious DLLs and the remote execution of arbitrary code.
Common Vulnerabilities & Exposures (CVE): NA
IAVA Reference Number: NA
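Where a blocking rule like the one above cannot be deployed, the same condition can be watched for in module-load telemetry. The following is an added example, not part of the original advisory: it flags `.dll` and `.ocx` loads from network locations or from the directory of the document that was opened. The event field names, the mapped drive `F:`, the trusted roots and the sample events are all assumptions constructed for illustration.

```python
import ntpath
import re

LIBRARY_EXTS = {".dll", ".ocx"}      # types the rule above blocks
NETWORK_DRIVES = {"F:"}              # assumption: letters mapped to shares
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\")  # assumed local baseline
UNC_RE = re.compile(r"^\\\\[^\\]+\\[^\\]+")    # \\server\share, incl. WebDAV


def is_remote(path):
    """True for UNC/WebDAV paths and for mapped network drives."""
    drive, _ = ntpath.splitdrive(path)
    return bool(UNC_RE.match(path)) or drive.upper() in NETWORK_DRIVES


def flag_load(event):
    """Return why a module load looks like binary planting, or None."""
    module = event["module"]
    if ntpath.splitext(module)[1].lower() not in LIBRARY_EXTS:
        return None
    if is_remote(module):
        return "library loaded from network location"
    mod_dir = ntpath.dirname(module).lower() + "\\"
    doc_dir = ntpath.dirname(event["document"]).lower() + "\\"
    if mod_dir == doc_dir and not mod_dir.startswith(TRUSTED_ROOTS):
        return "library loaded from the opened document's directory"
    return None


def scan(events):
    """Return (process, module, reason) for every suspicious load."""
    return [(e["process"], e["module"], r)
            for e in events if (r := flag_load(e))]


# Constructed sample events; field names and paths are hypothetical.
SAMPLE_EVENTS = [
    {"process": "player.exe", "document": r"\\fs01\public\album\song.mp3",
     "module": r"\\fs01\public\album\codec.dll"},
    {"process": "viewer.exe", "document": r"C:\Users\al\Downloads\pack\a.doc",
     "module": r"C:\Users\al\Downloads\pack\helper.dll"},
    {"process": "viewer.exe", "document": r"F:\Share\report.doc",
     "module": r"C:\Windows\System32\gdiplus.dll"},
    {"process": "viewer.exe", "document": r"F:\Share\a\b.doc",
     "module": r"f:\Share\a\ctl.ocx"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

As with the access protection rule, legitimate applications that run from network drives will also be flagged, so the trusted roots and drive list need tuning per environment.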
(MS09-062) GDI+ .Net PropertyItem Heap Overflow Vulnerability (957488)
Rating: High
Affected OS: Windows XP (Service Pack 3, [++])
Description: A vulnerability exists in Microsoft’s GDI+ component that may allow remote code execution.
Recommendation: The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
Observation: A vulnerability exists in Microsoft’s GDI+ component that may allow remote code execution.
The flaw exists in the Microsoft .NET Framework, which can allow malicious Microsoft .NET applications to gain unmanaged code execution privileges.
Common Vulnerabilities & Exposures (CVE): CVE-2009-2504
IAVA Reference Number: 2009-A-0099
